Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,549
Maven
5,000+
npm
5,000+
NuGet
917
pip
4,798
Pub
13
RubyGems
1,038
Rust
1,237
Swift
53
Unreviewed advisories
All unreviewed
5,000+

278 advisories

Loading
Privilege escalation in XXL-Job High
CVE-2023-33779 was published for com.xuxueli:xxl-job (Maven) May 26, 2023
Mattermost Incorrect Authorization vulnerability High
CVE-2023-2515 was published for github.com/mattermost/mattermost-server/v6 (Go) May 12, 2023
On a compromised node, the virt-handler service account can be used to modify all node specs High
CVE-2023-26484 was published for kubevirt.io/kubevirt (Go) Mar 16, 2023
younaman Credited to younaman and XDTG XDTG XDTG
Incorrect Authorization in Jenkins Core High
CVE-2023-27899 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel Credited to westonsteimel
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar Credited to Toflar and soyuka soyuka soyuka
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve Credited to suanve
Uniswap Universal Router Incorrect Authorization vulnerability High
CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023
destiny.gg chat vulnerable to cross-site request forgery High
CVE-2020-36625 was published for github.com/destinygg/chat (Go) Dec 22, 2022
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace High
CVE-2022-46167 was published for github.com/clastix/capsule (Go) Dec 5, 2022
MaxFedotov Credited to MaxFedotov and whatev3n whatev3n whatev3n
Istio may allow identity impersonation if user has localhost access High
CVE-2022-39388 was published for github.com/istio/istio (Go) Nov 9, 2022
howardjohn Credited to howardjohn
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Phoenix before 1.6.14 mishandles check_origin wildcarding High
CVE-2022-42975 was published for phoenix (Erlang) Oct 17, 2022
maennchen Credited to maennchen
Harbor fails to validate the user permissions when updating tag retention policies High
CVE-2022-31670 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar Credited to michaelkedar
Talos worker join token can be used to get elevated access level to the Talos API High
CVE-2022-36103 was published for github.com/talos-systems/talos (Go) Sep 16, 2022
smira Credited to smira
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification High
CVE-2022-2989 was published for github.com/containers/podman/v3 (Go) Sep 14, 2022
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification High
CVE-2022-2990 was published for github.com/containers/buildah (Go) Sep 14, 2022
Barbican authorization flaw before v14.0.0 High
CVE-2022-23451 was published for barbican (pip) Sep 7, 2022
Broken Authorization in ZITADEL Actions High
CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) Aug 30, 2022
mezdanak Credited to mezdanak
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Moodle Incorrect Authorization vulnerability High
CVE-2020-14321 was published for moodle/moodle (Composer) Aug 17, 2022
AnonySE26 Credited to AnonySE26
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
Salt's PAM auth fails to reject locked accounts High
CVE-2022-22967 was published for salt (pip) Jun 25, 2022
Unauthorized view fragment access in Jenkins High
CVE-2022-34175 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault Credited to NotMyFault
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell Credited to GrahamCampbell
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database